There are many ways for protecting computing assets from the harmful effects of viruses, malware, adware, exploits, and other computer contaminants (also known collectively as “attacks”). Desktop, laptop and server computers enjoy numerous antivirus, network, and similar security software products that are able to detect security threats such as exploits, viruses, and malware. The detection of known viruses and malware often involves identifying the software code signatures or definitions of known viruses and malware, storing these signatures or definitions in a database on the computer, and comparing data with these signatures or definitions in order to determine whether or not the data contains a virus or malware. Detecting previously unknown viruses and malware may often involves analyzing data for certain characteristics or emulating the execution of data to determine what it would do if allowed to run on the host system. Identifying new attacks is a matter of updating a virus definition or virus signature database on the computer or modifying the rules associated with an unknown virus/malware detection system. This is feasible since computers have the hardware, software and memory resources to store and manage vast virus signature databases, as well as the processing resources to perform complicated analyses and emulate an execution environment. The detection of exploits or other attacks that can compromise a computer via a network often involves identifying the signatures of known exploits or attack, storing a database of signatures on the computer being protected, and comparing network data to these signatures in order to determine if the data contains a security threat. Like virus and malware signatures, network attack signatures can be updated in order to detect new security threats. As mentioned previously, such a system is made possible because computers have the computational and storage resources available to manage large attack signature databases and compare network data to many signatures before approving it.
Mobile communications devices lack the same power as computers, though they are often designed to provide some of the same functionalities as computers in a portable form. In order to provide these functionalities, mobile communications devices often retain a mobile or portable version of a desktop computer operating system or system architecture, such as Windows Mobile®, Apple OS X iPhone™ or Java® ME. As a result, some attacks directed to a traditional computer can easily translate or be modified to harm a mobile communications device. Additionally, the number and types of attacks specifically directed to the mobile communications device platform is growing.
Detecting attacks on a mobile communications device presents challenges not found on traditional computing platforms. As previously mentioned, mobile communications devices lack the hardware, software and memory resources of a traditional computer. As such, storing vast signature databases on the mobile communications device is not feasible, and running complicated analysis systems strains the device's memory, battery, and CPU. Other security solutions have been found unsuccessful at detecting attacks specifically directed to a mobile communications device, since mobile communications devices provide functionalities not found on traditional computers. For example, a mobile communications device may be attacked via network data, files, or executables received over various network interfaces such as Bluetooth, Wi-Fi, infrared, or cellular networks.
The lack of robust antivirus and attack preventative measures on mobile communications devices has serious security implications. Mobile devices are part of a critical infrastructure: as people depend on such devices to communicate, transmit and receive data, and access Internet and intranet websites, it becomes more important that these devices remain secure. If not protected, a significant portion of mobile devices may be vulnerable to criminal or cyber-terrorist attacks that could disrupt the normal functioning of both commerce and government. One skilled in the art could easily disrupt vital communications, use mobile communications devices to hack into supposedly secure servers storing confidential information, steal money via mobile payment mechanisms, or perform a host of other malicious and nefarious acts.
What is therefore needed is a way to prevent attacks and protect mobile communications devices without sacrificing device performance.